CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

CLOUD SERVICE LEVEL AGREEMENTS
Meeting Customer and Provider needs
Eric Simmon
January 28th, 2014

BACKGROUND

Federal Cloud Computing Strategy
- Efficiency improvements will shift resources towards higher-value activities
  - Assets will be better utilized
  - Demand aggregation will reduce duplication
  - Data center consolidation can be accelerated
  - IT will be simpler and more productive
- Agility improvements will make services more responsive
  - Services will be more scalable
- Innovation improvements will rapidly enhance service effectiveness
  - Encourage entrepreneurial culture by reducing risk

NIST Cloud Computing Program Goal
To accelerate the federal government's adoption of cloud computing
- Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements
- Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders

NIST Mission
To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

NIST Cloud Computing Technology Roadmap
- Vol I: High-Priority Requirements to Further USG Agency Cloud Computing Adoption
- Vol II: Useful Information for Cloud Adopters
  - Reference architecture
  - Use cases
  - Standards
  - Security

Roadmap Requirements
HIGH PRIORITIES REQUIREMENTS
1. International voluntary consensus standards
2. Solutions for Security Requirements
3. High quality Service Level Agreements
4. Consistently categorized cloud services
5. Federated community cloud environments
6. Decoupling security solutions from policy decisions
7. Unique government regulatory requirements
8. Collaborative strategic future cloud initiatives
9. Defined reliability design goals
10. Defined cloud service metrics

Roadmap Requirements Related to SLAs
- Requirement 3: Develop technical specifications to enable development of consistent, high-quality Service-Level Agreements
  - Develop a controlled and standardized vocabulary of cloud SLA terms and definitions
  - Ensure consistency in guidance and policy regarding SLA relevant terms and definition
- Requirement 10: Define and implement cloud service metrics
  - Standardize Units of Measurement for cloud services, seeking public comment and collaboration.
  - Incorporate Cloud Service Units of Measurement consistently in Service-Level Agreements.

Cloud Reference Architecture
[Figure: reference architecture diagram]
- Cloud Service Consumer
- Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit
- Cloud Service Provider
  - Service Layer: IaaS, PaaS, SaaS
  - Resource Abstraction and Control Layer
  - Physical Resource Layer: Hardware, Facility
  - Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability
  - Security
  - Privacy
- Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
- Cloud Carrier

Cloud Actors
- Cloud Consumer: Person or organization that maintains a business relationship with, and uses services.
- Cloud Auditor: A party that can conduct independent assessment of cloud services
- Cloud Provider: Person, organization or entity responsible for making a service available to Cloud Consumers.
- Cloud Broker: An entity that manages the use, and negotiates relationships between Cloud Providers and Cloud Consumers.
- Cloud Carrier: The intermediary that provides connectivity and transport of cloud services

Cloud SLA Actors
- Cloud Provider: Person, organization or entity responsible for making a service available to Cloud Consumers.
- Cloud Consumer: Person or organization that maintains a business relationship with, and uses services.

SLA Definitions
- Service Level Agreement: Documented agreement between the service provider and customer that identifies services and service targets (ISO 20000-1 (2011))
- Cloud Service Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. (NIST SP 800-146)

MSA, SA, SLA
- Master Service Agreement: Top level legal agreement between provider and customer covering general aspects
- Service Agreement: Lower level agreement covering one specific service
- Service Level Agreement: Lower level agreement covering the performance aspects of a service

Why is there a problem with existing SLAs?
- Each provider uses different language, making it difficult to compare SLAs
- Current SLAs do not provide assurances the customer's needs will be met
- Remedies are not sufficient

Three parts to the process
- The decision making framework helps the customer lay out the requirements for the cloud service
- The SA/SLA then represents the agreement between the customer and the provider
- Metrics and measurements show what is provided (whether the SLA thresholds are met).

DECISION MAKING

Decision Making
- NIST Roadmap Volume III: Technical Considerations for USG Cloud Computing Deployment
- Cloud Service Index Measurement Consortium

Decision Making
Customers need a way to evaluate cloud offerings
- Understand cloud service technical benefits and issues for different types of services
- Understand business requirements
- Evaluate cloud service against requirements

Cloud Service Measurement Index
- Quantifiable method of assessing cloud service properties
- Weighted properties
- Each level is rolled up
- Provides single quantifiable assessment of cloud service

CSMIC
The SMI's hierarchical framework:
- The top level divides the measurement space into 7 Categories.
- Each Category is further refined by 3 or more Attributes.
- Within each Attribute, a set of Key Performance Indicators (KPIs) is being defined that describes the data to be collected for each measure/metric.
Public version is available at www.csmic.org
CSMIC is providing a version for government use; testing will be underway soon.

CSMIC Top Level Categories
Category: Question
1. Accountability: Can we count on the provider organization?
2. Agility: Can it be changed and how quickly can it be changed?
3. Assurance: How likely is it that the service will work as expected?
4. Financial: How much is it?
5. Performance: Does it do what we need?
6. Security and Privacy: Is the service safe and privacy protected?
7. Usability: Is it easy to learn and to use?
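The weighted roll-up described on the Cloud Service Measurement Index and CSMIC slides, as an added example that is not part of the original presentation or CSMIC's own tooling. The seven category names are from the slide; the attributes, KPIs, weights and scores are constructed, and `smi_score` is a hypothetical helper name.

```python
# Added example: SMI-style weighted roll-up, KPI -> Attribute -> Category.
# Category names come from the slide; the attributes, KPIs, weights and
# 0-10 scores are constructed for illustration.
MODEL = {  # category: (weight, {attribute: (weight, {kpi: weight})})
    "Accountability": (2, {"auditability": (1, {"audit_reports": 1})}),
    "Agility": (1, {"elasticity": (1, {"scale_up_time": 1})}),
    "Assurance": (3, {"availability": (2, {"uptime": 3, "mttr": 1}),
                      "resiliency": (1, {"failover_test": 1})}),
    "Financial": (2, {"cost": (1, {"monthly_cost": 1})}),
    "Performance": (2, {"response": (1, {"p95_latency": 1})}),
    "Security and Privacy": (3, {"access control": (1, {"mfa": 1, "key_mgmt": 1}),
                                 "data privacy": (1, {"retention": 1})}),
    "Usability": (1, {"learnability": (1, {"onboarding": 1})}),
}

def weighted(pairs):
    """Weighted mean of (weight, score) pairs; unmeasured scores (None) are
    skipped and the remaining weights renormalized. None if nothing measured."""
    pairs = [(w, s) for w, s in pairs if s is not None]
    total = sum(w for w, _ in pairs)
    return sum(w * s for w, s in pairs) / total if total else None

def smi_score(kpi_scores):
    """Return (overall, per-category scores, list of unmeasured KPIs)."""
    categories, missing = {}, []
    for cat, (_, attrs) in MODEL.items():
        attr_scores = []
        for attr_weight, kpis in attrs.values():
            missing += [k for k in kpis if kpi_scores.get(k) is None]
            attr_scores.append((attr_weight, weighted(
                (w, kpi_scores.get(k)) for k, w in kpis.items())))
        categories[cat] = weighted(attr_scores)
    overall = weighted((MODEL[c][0], s) for c, s in categories.items())
    return overall, categories, missing

# Constructed KPI scores for two offerings (a "Cloud A / Cloud B" decision).
CLOUD_A = {"audit_reports": 8, "scale_up_time": 6, "uptime": 9, "mttr": 5,
           "failover_test": 7, "monthly_cost": 4, "p95_latency": 8,
           "mfa": 10, "key_mgmt": 6, "retention": 8, "onboarding": 7}
CLOUD_B = dict(CLOUD_A, uptime=7, monthly_cost=9, key_mgmt=None, retention=None)

if __name__ == "__main__":
    for name, kpis in (("Cloud A", CLOUD_A), ("Cloud B", CLOUD_B)):
        overall, cats, missing = smi_score(kpis)
        print(f"{name}: overall {overall:.2f}, "
              f"security {cats['Security and Privacy']:.1f}, unmeasured {missing}")
```

With this constructed data Cloud B ranks higher overall even though two of its three security KPIs were never measured, which is why the unmeasured list is returned next to the single score.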

CSMIC Category Attributes

CSMIC Concept

SERVICE LEVEL AGREEMENTS

SLAs International Standardization Effort ISO/IEC 19086

ISO/IEC 19086
Cloud computing Service level agreement (SLA) framework and terminology
Being done within IEC/ISO JTC1 (Joint Technical Committee) SC38 (Distributed Application Platforms and Services)
ISO/IEC 19086 draft includes:
- Overview of service level agreements (SLAs) for cloud services
- Relationship between the master agreement and SLAs
- Discussion of SLA management
- SLA elements that can be used within a framework to build SLAs
- A separate document describing the necessary metrics

SLA Element Examples Availability Response Performance Privacy Security Reliability Support Data Management Certifications and Audits

ISO/IEC 19086 Timeline
- New Work Item began: September 2013
- Second face to face: January 2014
- Next meeting: April 2014
- Committee Draft (CD): October 2014
- Final Publication: 2015

IEC/ISO 19086 PLEASE PROVIDE INPUT ERIC.SIMMON@NIST.GOV

METRICS

Role of Metrics to Support SLAs
- The definition and usage of appropriate metrics and their underlying measures is an essential aspect to verifying the SLA.
- Without proper metrics it is difficult to enforce an SLA.
- By monitoring the cloud system it can be verified that the requirements laid out in the SLA are being met.

NIST CC Metrics PUBLIC Working Group

Metrics for Deciders
[Figure: Cloud Customer; Metrics; Decision (A? B?); Cloud A Properties; Cloud B Properties]

Metrics for Verifiers
[Figure: Cloud Customer Requirements; Metrics; SLA Agreement; Cloud Offering B Capabilities]

Metrics Challenge
- Standardized measurement definitions and formats
- The metrics for specific measurements themselves

Metrics Challenge
- Standardized measurement definitions and formats
- The measurements/metrics themselves

Definition Uncertainty

[Figure labels: Target Resource; Cloud service of interest; Property of interest; Depends; Property; Measure definition(s) and parameter(s); Measure Definition(s); Define; Context Conditions; Measurement Rules; Other Constraints; Metric]

Metrics Model
[Figure: UML class diagram]
Metric -name -referenceid -category -parameterlist -metrics 0..*
Measurement -description -contextconditions 1..*
ContextCondition -description -targetcharacterization -applicabilityrestriction -measurementrules 1..*
MeasurementRule -description -method -uncertainty -targetmeasuredefinitions 1..* 1 -primarymeasuredefinition
MeasureDefinition -name -referenceid -type -scale -unit -expression -measurementresults 0..*
Measure -value -uncertainty -unit -measuredefinition 1 -underlyingmeasuredefinitions 0..*
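How a verifier can use the `Measure` and `MeasureDefinition` elements of the model, including the `uncertainty` field, to check an SLA threshold from monitoring data, as an added example that is not code from the presentation or from NIST. The probe series, the 60-second probe interval, the 99.9 % availability target and the rule used to derive uncertainty are assumptions.

```python
# Added example: SLA verification with measurement uncertainty. Class and field
# names follow the slide's model; probe data, interval and target are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class MeasureDefinition:
    name: str
    unit: str
    expression: str

@dataclass(frozen=True)
class Measure:
    value: float
    uncertainty: float  # half-width of the interval, in the same unit
    definition: MeasureDefinition

AVAILABILITY = MeasureDefinition("availability", "%", "100 * (1 - downtime / period)")

def measure_availability(probes, interval_s):
    """probes: one boolean per interval_s seconds, True meaning 'up'. Assumption:
    each outage may really be up to one interval longer or shorter than observed."""
    period = len(probes) * interval_s
    down = probes.count(False) * interval_s
    outages = sum(1 for i, up in enumerate(probes)
                  if not up and (i == 0 or probes[i - 1]))
    return Measure(100 * (1 - down / period),
                   100 * outages * interval_s / period, AVAILABILITY)

def verify(measure, at_least):
    """Three-valued check of a measure against an 'at least' SLA target."""
    if measure.value - measure.uncertainty >= at_least:
        return "met"
    if measure.value + measure.uncertainty < at_least:
        return "violated"
    return "indeterminate"

def constructed_month(outage_lengths, interval_s=60, days=30):
    """Build a constructed probe series with outages of the given lengths."""
    probes = [True] * (days * 86400 // interval_s)
    start = 1000
    for n in outage_lengths:
        probes[start:start + n] = [False] * n
        start += n + 1000
    return probes

if __name__ == "__main__":
    for outages in ([20], [43], [30, 30, 30]):
        m = measure_availability(constructed_month(outages), 60)
        print(outages, f"{m.value:.4f} +/- {m.uncertainty:.4f}", verify(m, 99.9))
```

The 43-minute outage lands within one probe interval of the 99.9 % threshold, so the result is "indeterminate" rather than a claim either party could dispute.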

Future of Cloud Computing
[Figure: diagram of Customer and Provider roles]

Future of Cloud Computing
- Heterogeneous mix of cloud services
- Combination of services exhibit cloud characteristics
- Service level agreements
- Self service
- Multiple levels
- Automated
- Machine process-able

Federal Cloud Computing Standards and Technology Working Group
- Discussions of technical challenges and solutions for federal agencies
- Conference call 3rd Thursday each month

Thank you ERIC SIMMON 301 975 3956 ERIC.SIMMON@NIST.GOV